> On Mon, 13 Oct 2014 17:30:58 +0200 > Andreas Ladanyi <andreas.lada...@kit.edu> wrote: > >> On my old system from which i migrated the users/group accounts uses >> the Kerberos own DB without LDAP for the principals. >> >> I could dump the master key : >> >> kdb5_util dump filename K/M@REALM >> >> Now i have a lot of numbers in the dumpfile. Which number belongs to >> which LDAP attribute in the (test) FreeIPA 389 LDAP System (Simon >> called it a throwaway system :-) ) >> >> I dont know the data structure of the KRB own DB. > And you shouldn't really care, you should use the kdb5 utils to load > back the dumped DB, provided you first create all users and hosts and > services via the freeipa tools. > > Simo.
Ok, i dumped the kerberos DB with kdb5_util and get the dumped file with all principals. So now if i unterstand you correctly, if have to create all users/group/service principals with the freeipa tools first ? How can i import the dumped principals in to the 389 LDAP ? I cant see any options in the kdb5_ldap_util to import the principals and hashes from the dumped KRB DB file to 389 LDAP ? Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project